These tutorials are a simplified introduction, and are not sufficient on ...
... You are responsible for the safety of ...

"I have a bad feeling about this."
Star Wars, Episode k {k=7..9}

Data, Message & Memory Integrity
■ Anti-Patterns for Data Integrity:
  ● No checks on memory data
    - Program image and configuration
    - RAM and other data integrity
  ● No end-to-end message checks
  ● Using checksum instead of CRC
■ Memory & data integrity
  ● Detecting data corruption:
    - Mirroring, Parity & SECMED codes, Checksum, CRC
    - If data word consistent with error code, then no detectable error
    - Random hash as a starting point: random k-bit error code by chance misses 1/2^k errors
  ● Malicious faults require cryptographically strong integrity check
    - All error codes discussed here are easy to attack

[Figure: original Data Word and Error Code; possible bit flips; Error Code Calculation on the Data Word compared with the stored Error Code (match?)]

© 2020 Philip Koopman

Sources of Data Faults
■ Hardware faults
  ● Network message bit flips
  ● Bad EEPROM/Flash writes
  ● "Bit rot" (storage degrades over time)
■ Single event upsets: Soft Errors
  ● Affect both memory & CPU logic
  ● Error detecting codes usually don't help with CPU logic faults!
■ Software corruption
  ● Bad pointers, buffer overflow, etc.

[Figure: Soft Errors (simplified). Cosmic rays collide with air molecules in the atmosphere, creating particles. The particles collide with computer chips. The collisions cause current pulses inside the chip die, resulting in computational faults:
  - 0 flips to 1; 1 flips to 0 in memory
  - Logic gates produce incorrect results]

Overview of Data Integrity Mechanisms
Key term: Hamming Distance (HD)
  ● Smallest # of bit flips possibly undetected
  ● Flips across data value and error code
  ● Higher HD is better (more errors detected)
Parity: detects single bit errors (HD=2)
  ● Store one bit that holds XOR of all bits
Mirroring (HD=2, but cheap computation)
  ● Store data twice: plain and inverted bits
    - E.g.: 0x55 => {0x55, 0xAA} two-byte pair
SEC: (Hamming Code) correct single bit errors
SECDED: Single Error Correction, Double Error Detection
  ● Use a Hamming Code + parity bit to give HD=4
  ● Size approximately 1 + log2(number of data bits)

[Table: HD | Flips Detected | Flips Undetected | Examples. Surviving entries, in row order: None detected, 1+ undetected (No Error ...); Parity, Checksum, Mirroring, Any CRC; Some CRCs, Short Fletcher; 4+ undetected (Some CRCs, SECMED); Good CRC]

Checksum Techniques Compared
■ "Add up all the data bits"
  ● XOR all data words (HD=2)
    - Detects 1-bit errors
  ● 2's complement addition (HD=2)
    - Detects 1-bit and most 2-bit errors
  ● 1's complement addition (HD=2)
    - Wraps carry bit, so slightly better
■ Complex checksums:
  ● Fletcher checksum (HD=2, HD=3)
    - Keeps two running 1's comp. sums
    - HD=3 at short lengths, HD=2 at long lengths
  ● Adler checksum (HD=2, HD=3)
    - Uses prime moduli counters
    - Fletcher is typically a better & faster choice

[Figure: plot against Code Word Length (bits), 0 to 2560, at a stated bit error rate (BER). Source: Maxino, T., & Koopman, P., "The Effectiveness of Checksums for Embedded Control Networks," IEEE Trans. on Dependable and Secure Computing, Jan-Mar 2009, pp. 59-72.]
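
The HD figures in this comparison can be checked by exhaustive bit flipping. The C program below is an added example, not part of the slides: it flips every pair of bits in a code word (data plus stored check bytes) and counts the pairs each check misses. The 8-byte sample data and the function names are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N 8   /* data bytes in the constructed sample below */
static const uint8_t SAMPLE[N] = {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0};

typedef void (*check_fn)(const uint8_t *d, uint8_t out[2]);

static void xor8(const uint8_t *d, uint8_t out[2]) {        /* XOR all data words */
    uint8_t c = 0;
    for (int i = 0; i < N; i++) c ^= d[i];
    out[0] = c;
}
static void add8(const uint8_t *d, uint8_t out[2]) {        /* 2's complement addition */
    uint8_t c = 0;
    for (int i = 0; i < N; i++) c = (uint8_t)(c + d[i]);
    out[0] = c;
}
static void fletcher16(const uint8_t *d, uint8_t out[2]) {  /* two running sums mod 255 */
    unsigned a = 0, b = 0;
    for (int i = 0; i < N; i++) { a = (a + d[i]) % 255; b = (b + a) % 255; }
    out[0] = (uint8_t)a; out[1] = (uint8_t)b;
}

/* Flip every pair of bits in the code word (data + stored check bytes) and
   count the pairs for which the recomputed check still matches. */
static int undetected_2bit(check_fn f, int check_len) {
    uint8_t cw[N + 2] = {0}, calc[2] = {0};
    int bits = (N + check_len) * 8, missed = 0;
    memcpy(cw, SAMPLE, N);
    f(cw, cw + N);                                   /* store the error code */
    for (int i = 0; i < bits; i++)
        for (int j = i + 1; j < bits; j++) {
            cw[i / 8] ^= (uint8_t)(1u << (i % 8));
            cw[j / 8] ^= (uint8_t)(1u << (j % 8));
            f(cw, calc);
            if (memcmp(calc, cw + N, (size_t)check_len) == 0) missed++;
            cw[i / 8] ^= (uint8_t)(1u << (i % 8));   /* undo both flips */
            cw[j / 8] ^= (uint8_t)(1u << (j % 8));
        }
    return missed;
}

int main(void) {
    printf("undetected 2-bit flips: XOR %d, add %d, Fletcher-16 %d\n",
           undetected_2bit(xor8, 1), undetected_2bit(add8, 1), undetected_2bit(fletcher16, 2));
    return 0;
}
```

The XOR check misses every pair that lands in the same bit column (288 of 2556 pairs here), the 2's complement sum misses fewer but always misses pairs in the top bit column, and Fletcher-16 misses none at this short length.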

■ The mechanism:
  ● Shift and XOR of selected feedback bits
  ● Accumulated residue in shift register is the CRC "checksum" value

[Figure: shift register with feedback. POLYNOMIAL: 1011 0100 0001 = 0xB41]

Example Feedback Polynomial:
  0xB41 = x^12 + x^10 + x^9 + x^7 + x + 1   ("+1" is implicit in hex value)
        = (x+1)(x^3 + x^2 + 1)(x^8 + x^4 + x^3 + x^2 + 1)
  Factor of (x+1) => implicit parity (detects all odd errors)

■ The math:
  ● The data and the feedback bit pattern are both binary coefficient polynomials
  ● Error code is remainder from polynomial division of data by feedback over GF(2)
■ Feedback polynomial selection matters
  ● Some popular polynomials are poor choices, including international standards(!)
  ● Some rules of thumb are misguided (e.g., (x+1) divisibility for high HD)
  ● Best polynomials are found via brute force search of exact evaluations
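
The division and the exact-evaluation search described here fit in a short C program. This is an added example, not part of the slides: it expands 0xB41 to its explicit form, computes the CRC as a GF(2) remainder with a shift-and-XOR register, and finds the exact HD of a 20-bit code word by exhaustive search. The function names, the zero initial register value and the 8-bit data word are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#define KOOPMAN_POLY 0xB41u                     /* hex form from the slide; "+1" implicit */
#define CRC_BITS     12
#define FULL_POLY    ((KOOPMAN_POLY << 1) | 1u) /* x^12+x^10+x^9+x^7+x+1 = 0x1683 */

/* Polynomial multiply over GF(2): XOR takes the place of addition. */
static uint32_t gf2_mul(uint32_t a, uint32_t b) {
    uint32_t r = 0;
    for (; b; b >>= 1, a <<= 1) if (b & 1u) r ^= a;
    return r;
}

/* Remainder mod FULL_POLY: shift in a bit, XOR the feedback when x^12 appears. */
static uint32_t gf2_rem(uint32_t word, int nbits) {
    uint32_t reg = 0;
    for (int i = nbits - 1; i >= 0; i--) {
        reg = (reg << 1) | ((word >> i) & 1u);
        if (reg & (1u << CRC_BITS)) reg ^= FULL_POLY;
    }
    return reg;
}

/* Code word = data followed by its CRC (zero initial value: an assumption). */
static uint32_t make_codeword(uint32_t data, int data_bits) {
    return (data << CRC_BITS) | gf2_rem(data << CRC_BITS, data_bits + CRC_BITS);
}

/* A flip pattern e is missed exactly when e itself leaves remainder 0. */
static int count_undetected(int nbits, int weight) {
    int missed = 0;
    for (uint32_t e = 1; e < (1u << nbits); e++) {
        int w = 0;
        for (uint32_t t = e; t; t &= t - 1) w++;   /* count set bits */
        if (w == weight && gf2_rem(e, nbits) == 0) missed++;
    }
    return missed;
}

/* HD at this code word length: the fewest flips that can go undetected. */
static int hamming_distance(int nbits) {
    for (int w = 1; w <= nbits; w++)
        if (count_undetected(nbits, w) > 0) return w;
    return 0;
}

int main(void) {
    printf("HD at 20 bits: %d\n", hamming_distance(20));
    return 0;
}
```

Because every valid code word is a multiple of a polynomial containing the factor (x+1), it has even weight, so the counts for 1, 3, 5, ... flipped bits are all zero.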

Finding "Good" Polynomials
https://users.ece.cmu.edu/~koopman/crc/
■ Example: HD=4 for 256 bit data word = 0x247 (10 bit CRC)
■ Example: HD=6 for 128 bit data word = 0x9eb2 (16 bit CRC)

[Table: Max length at HD / Polynomial, by CRC Size (bits)]

Best Practices For Data Integrity
■ Ensure sufficient data integrity
  ● CRC on network packets
  ● Periodic CRC on flash/EEPROM data
  ● Appropriate memory integrity check on RAM
■ Pitfalls:
  ● Assuming mirroring is enough
    - What about data on stack?
    - What about data inside operating system?
  ● Assuming memory data integrity is all you need
    - What about corrupted calculations?
  ● Using a checksum when you should use a CRC
  ● Many subtle pitfalls for the unwary. See FAA report: https://goo.gl/UKFmHr

[Comic: xkcd 378. "Real programmers use butterflies": they open their hands and let the delicate wings flap once; the disturbance ripples outward, changing the flow of the eddy currents in the upper atmosphere; these cause momentary pockets of higher-pressure air to form, which act as lenses that deflect incoming cosmic rays, focusing them to strike the drive platter and flip the desired bit.]
https://www.xkcd.com/378/

[Comic: Digital Data]
https://www.explainxkcd.com/wiki/index.php/1683:_Digital_Data